cyber security

WannaCry hasn’t hurt India's government, but there have been dangerous, unreported attacks before

Bring a cyber security law and amend the Information Technology Act to criminalise malicious online attacks, urge experts.

Computer systems of at least 18 Andhra Pradesh police units are among the hundreds in India compromised by the WannaCry ransomware attack, which began on May 12 and is estimated to have affected more than 200,000 computers across 150 countries so far.

Ransomware is a type of malicious software designed to block access to computer systems until a sum of money is paid. The malware is usually sent through email and blocks access by encrypting the targeted system’s data. The ransom is demanded to be paid in the virtual currency Bitcoin, which the Reserve Bank of India does not recognise as an authorised mode of exchange.

In India, ransomware attacks have become rampant since 2015, cyber security experts said, finding victims in a wide range of industries, from pharmaceuticals to hospitality and banking to information technology.

The latest global attack infected computers at private enterprises in Mumbai, Hyderabad, Bangalore and other cities. The Andhra Pradesh police was the first government agency to report being affected. Now, it has emerged that the Gujarat State Wide Area Network and customer care centres of the West Bengal Electricity Distribution Company Limited, a public sector undertaking, were affected as well.

For government agencies in India, though, WannaCry is not the first ransomware experience. At least two such attacks have been reported in the past one year.

State of vulnerability

In January 2017, three servers in the Delhi office of the Quality Council of India, an accreditation body set up jointly by the central government and the Indian industry associations, were attacked by Cerber ransomware. It took cyber security experts over 36 hours to unblock the system through decryption applications. No ransom had to be paid, said a cyber security expert who was involved in the operation.

According to Kislay Chaudhary, a cyber security consultant with the central government, using decryption applications to unblock ransomware-infected computers is easier said than done. There are thousands of decryption applications available on the internet and each has a specific purpose. So the operation is essentially a hit-and-miss. If all the available applications fail to decrypt the data, the only option left is to wait for the discovery of the malicious software’s kill switch to unblock the computer.

In May 2016, computer systems of Maharashtra’s revenue and public works departments were infected by Locky ransomware.

Ransomware blocks access to the infected computer by encrypting data and demands payment to unlock it. Image credit: Reuters
Ransomware blocks access to the infected computer by encrypting data and demands payment to unlock it. Image credit: Reuters

“It is not that government agencies are more vulnerable to these attacks,” said Chaudhary. “The most vulnerable are private or independent servers and customised mail boxes, which fail to spam emails with malware attachments, often because of lack of investment in making the systems safe enough, and inadequate research and development.”

Pavan Duggal, an advocate with expertise in cyber security law, however, contended that “what is visible on the surface is just the tip of the iceberg”.

“Most ransomware attacks are unreported and India is no exception to that,” he said. “Top information technology companies, banks and even government agencies in the country have witnessed such attacks in the past three years. But most attacks were local and isolated in nature. A mass attack like WannaCry is unprecedented.”

So, how can such attacks be tackled? Duggal said India must urgently enact a cyber security law and amend the Information Technology Act to make cyber attacks criminal offences and clearly chalk out the roles and responsibilities, accountability and liabilities of internet service providers and intermediary agencies in case of such offences.

Outside of the government, Cyber Peace Foundation, a Jharkhand-based cyber security non-profit, has invested in a project called Honey Net to combat cyber attacks. Under this project, the NGO has set up deliberately vulnerable computer networks in 10 states, including Jharkhand, Gujarat, Andhra Pradesh and Karnataka, to invite cyber attacks in order to analyse their nature. They recorded an unusual trend a day before the global cyber attack of May 12.

“The system which usually endures 147 cyber attack attempts per day on an average actually endured around 9,000 attacks on Thursday,” said the founder of the NGO Vineet Kumar. They have received requests to deal with 15 WannaCry infection. These clients include private enterprises, academic institutes and government agencies, Kumar said, but did not disclose their identities.

Lax security

In the wake of the WannaCry attack, the Indian government’s Computer Emergency Response Team issued a critical alert and an advisory while the Ministry of Information Technology reached out to key stakeholders such as the Reserve Bank of India, National Payments Corporation of India, National Informatics Centre and Unique Identification Authority of India, advising them to protect their systems against WannaCry and ensure protection of the digital payments ecosystem in the country, PTI reported. The Reserve Bank, in turn, directed banks to down their ATM networks until the machines received the Windows software update that protects against the ransomware.

“ATMs operations are usually outsourced to third parties and it is shocking that more than 70 percent of the ATM network in India operates on Windows XP,” said Chaudhary, referring to an older version of Microsoft’s operating system. “Microsoft has stopped issuing update patches for the XP, though the case of WannaCry is exceptional because they had released patches on receipt of prior input about a possible leak. But most users, including government agencies, often act reluctant in installing update files.”

Chaudhary also said Indian banks have witnessed several malware attacks in the past “but surprisingly many of them are yet to take adequate measures for protection”.

We welcome your comments at letters@scroll.in.
Sponsored Content BY 

Making two-wheelers less polluting to combat air pollution in India

Innovations focusing on two-wheelers can make a difference in facing the challenges brought about by climate change.

Two-wheelers are the lifeline of urban Asia, where they account for more than half of the vehicles owned in some countries. This trend is amply evident in India, where sales in the sub-category of mopeds alone rose 23% in 2016-17. In fact, one survey estimates that today one in every three Indian households owns a two-wheeler.

What explains the enduring popularity of two-wheelers? In one of the fastest growing economies in the world, two-wheeler ownership is a practical aspiration in small towns and rural areas, and a tactic to deal with choked roads in the bigger cities. Two-wheelers have also allowed more women to commute independently with the advent of gearless scooters and mopeds. Together, these factors have led to phenomenal growth in overall two-wheeler sales, which rose by 27.5% in the past five years, according to the Society of Indian Automobile Manufacturers (SIAM). Indeed, the ICE 2016 360 survey says that two-wheelers are used by 37% of metropolitan commuters to reach work, and are owned by half the households in India’s bigger cities and developed rural areas.

Amid this exponential growth, experts have cautioned about two-wheelers’ role in compounding the impact of pollution. Largely ignored in measures to control vehicular pollution, experts say two-wheelers too need to be brought in the ambit of pollution control as they contribute across most factors determining vehicular pollution - engine technology, total number of vehicles, structure and age of vehicles and fuel quality. In fact, in major Indian cities, two-thirds of pollution load is due to two-wheelers. They give out 30% of the particulate matter load, 10 percentage points more than the contribution from cars. Additionally, 75% - 80% of the two-wheelers on the roads in some of the Asian cities have two-stroke engines which are more polluting.

The Bharat Stage (BS) emissions standards are set by the Indian government to regulate pollutants emitted by vehicles fitted with combustion engines. In April 2017, India’s ban of BS III certified vehicles in favour of the higher BS IV emission standards came into effect. By April 2020, India aims to leapfrog to the BS VI standards, being a signatory to Conference of Parties protocol on combating climate change. Over and above the BS VI norms target, the energy department has shown a clear commitment to move to an electric-only future for automobiles by 2030 with the announcement of the FAME scheme (Faster Adoption and Manufacturing of Hybrid and Electric Vehicles in India).

The struggles of on-ground execution, though, remain herculean for automakers who are scrambling to upgrade engine technology in time to meet the deadlines for the next BS norms update. As compliance with BS VI would require changes in the engine system itself, it is being seen as one of the most mammoth R&D projects undertaken by the Indian automotive industry in recent times. Relative to BS IV, BS VI norms mandate a reduction of particulate matter by 82% and of oxides of nitrogen (NOx) by 68%.

Emission control in fuel based two-wheelers can be tackled on several fronts. Amongst post-emission solutions, catalytic converters are highly effective. Catalytic converters transform exhaust emissions into less harmful compounds. They can be especially effective in removing hydrocarbons, nitrous oxides and carbon monoxide from the exhaust.

At the engine level itself, engine oil additives are helpful in reducing emissions. Anti-wear additives, friction modifiers, high performance fuel additives and more lead to better performance, improved combustion and a longer engine life. The improvement in the engine’s efficiency as a result directly correlates to lesser emissions over time. Fuel economy of a vehicle is yet another factor that helps determine emissions. It can be optimised by light weighting, which lessens fuel consumption itself. Light weighting a vehicle by 10 pounds can result in a 10-15-pound reduction of carbon dioxide emissions each year. Polymer systems that can bear a lot of stress have emerged as reliable replacements for metals in automotive construction.

BASF, the pioneer of the first catalytic converter for automobiles, has been at the forefront of developing technology to help automakers comply with advancing emission norms while retaining vehicle performance and cost-efficiency. Its new state-of-the-art manufacturing facility at Mahindra World City near Chennai is equipped to develop a range of catalysts for diverse requirements, from high performance and recreational bikes to economy-oriented basic transportation. BASF also leverages its additives expertise to provide compounded lubricant solutions, such as antioxidants, anti-wear additives and corrosion inhibitors and more. At the manufacturing level, BASF’s R&D in engineered material systems has led to the development of innovative materials that are much lighter than metals, yet just as durable and strong. These can be used to manufacture mirror brackets, intake pipes, step holders, clutch covers, etc.

With innovative solutions on all fronts of automobile production, BASF has been successfully collaborating with various companies in making their vehicles emission compliant in the most cost-effective way. You can read more about BASF’s innovations in two-wheeler emission control here, lubricant solutions here and light weighting solutions here.

This article was produced by the Scroll marketing team on behalf of BASF and not by the Scroll editorial team.